[Secure-testing-commits] r41277 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Apr 29 10:35:50 UTC 2016 

Author: carnil
Date: 2016-04-29 10:35:50 +0000 (Fri, 29 Apr 2016)
New Revision: 41277

Modified:
   data/CVE/list
Log:
Add more ntp fixes via the last ntp update in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-29 10:31:54 UTC (rev 41276)
+++ data/CVE/list	2016-04-29 10:35:50 UTC (rev 41277)
@@ -14196,7 +14196,7 @@
 	RESERVED
 CVE-2015-8140 [ntpq vulnerable to replay attacks]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14204,7 +14204,7 @@
 	NOTE: Mitigated in 4.2.8p6
 CVE-2015-8139 [Origin Leak: ntpq and ntpdc, disclose origin]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue)
 	[wheezy] - ntp <no-dsa> (Minor issue)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14750,7 +14750,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
 CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14758,7 +14758,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
 CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14766,7 +14766,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
 CVE-2015-7977 [reslist NULL pointer dereference]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14774,7 +14774,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
 CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in filenames]
 	RESERVED
-	- ntp <unfixed> (low)
+	- ntp 1:4.2.8p7+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -14783,20 +14783,20 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
 CVE-2015-7975 [nextvar() missing length check]
 	RESERVED
-	- ntp <unfixed>
+	- ntp 1:4.2.8p7+dfsg-1
 	[jessie] - ntp <not-affected> (Introduced in 4.2.8)
 	[wheezy] - ntp <not-affected> (Introduced in 4.2.8)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
 CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...)
-	- ntp <unfixed> (low)
+	- ntp 1:4.2.8p7+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
 CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode]
 	RESERVED
-	- ntp <unfixed> (low)
+	- ntp 1:4.2.8p7+dfsg-1 (low)
 	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

More information about the Secure-testing-commits mailing list